| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
|
|
|
|
|
| |
There is a difference between TS and NTS warning message, since
virtual_mkdir vs glibc directly is used. This has no effect for
the actual fix functionality.
|
| |
|
| |
|
| |
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* PHP-5.6.23: (24 commits)
iFixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
update NEWS
fix tests
fix build
Fix bug #72455: Heap Overflow due to integer overflows
Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
Fix bug #72298 pass2_no_dither out-of-bounds access
Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
Fix bug #72262 - do not overflow int
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
Fix bug #72275: don't allow smart_str to overflow int
Fix bug #72340: Double Free Courruption in wddx_deserialize
update NEWS
Fix #66387: Stack overflow with imagefilltoborder
Fix bug #72321 - use efree() for emalloc allocation
5.6.23RC1
Fix bug #72140 (segfault after calling ERR_free_strings())
...
Conflicts:
configure.in
ext/mbstring/php_mbregex.c
ext/mcrypt/mcrypt.c
ext/spl/spl_array.c
ext/spl/spl_directory.c
ext/standard/php_smart_str.h
ext/standard/string.c
ext/standard/url.c
ext/wddx/wddx.c
ext/zip/php_zip.c
main/php_version.h
|
| |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* PHP-5.5:
Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
update NEWS
fix tests
fix build
Fix bug #72455: Heap Overflow due to integer overflows
Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
Fix bug #72298 pass2_no_dither out-of-bounds access
Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
Fix bug #72262 - do not overflow int
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
Fix bug #72275: don't allow smart_str to overflow int
Fix bug #72340: Double Free Courruption in wddx_deserialize
update NEWS
Fix #66387: Stack overflow with imagefilltoborder
Skip test which is 64bits only
5.5.37 now
Conflicts:
configure.in
ext/mcrypt/mcrypt.c
ext/spl/spl_directory.c
main/php_version.h
|
| | |
| | |
| | |
| | | |
resulting in heap overflow
|
| | | |
|
| | |\
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* PHP-5.5.37:
fix tests
fix build
Fix bug #72455: Heap Overflow due to integer overflows
Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
Fix bug #72298 pass2_no_dither out-of-bounds access
Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
Fix bug #72262 - do not overflow int
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
Fix bug #72275: don't allow smart_str to overflow int
Fix bug #72340: Double Free Courruption in wddx_deserialize
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | | |
| | | |
| | | | |
algorithm and unserialize
|
| | | |
| | | |
| | | |
| | | | |
unserialize
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | |/
| | |
| | |
| | |
| | |
| | |
| | | |
The stack overflow is caused by the recursive algorithm in combination with a
very large negative coordinate passed to gdImageFillToBorder(). As there is
already a clipping for large positive coordinates to the width and height of
the image, it seems to be consequent to clip to zero also.
|
| | |
| | |
| | |
| | |
| | |
| | | |
Diff from test output
001+ Warning: fread(): Length parameter must be greater than 0 in ...
001- Warning: fread(): Length parameter must be no more than 2147483647 in ...
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* PHP-7.0:
fix NEWS
add missing NEWS entry
update NEWS
#72337 invalid dimensions can lead to segv
7.0.9 next
Conflicts:
configure.in
main/php_version.h
|
| | | | |
|
| |\ \ \
| | |/ /
| | | |
| | | |
| | | | |
* PHP-5.6:
add missing NEWS entry
|
| | | | |
|
| | | | |
|
| |\ \ \ |
|
| | | | | |
|
| |\ \ \ \
| | |/ / /
| |/| / /
| | |/ /
| | | | |
* PHP-5.6:
#72337 invalid dimensions can lead to segv
|
| | | | |
|
|/ / / |
|
|\ \ \
| |/ /
| | |
| | |
| | | |
* PHP-5.6:
Add test for bug #53735
|
| | | |
|
| | | |
|
|\ \ \
| |/ /
| | |
| | |
| | | |
* PHP-5.6:
fix typo
|
| | | |
|